﻿using System;
using ChapterX.Common;
using ChapterX.Data;
using ChapterX.BusinessFacade;

namespace ChapterX
{
    public partial class Login : ChapterX.Web.PageBase
    {
        private const String DEFAULT_PAGE = "~/Auth/Default.aspx";
        private const String QUERY_KEY_RETURN_URL = "ReturnUrl";
        private bool login_to_default_page_next_time = false;

        protected void Page_Load(object sender, EventArgs e)
        {
            // Check if we come here for some reason.
            String returnUrl = Request.QueryString[QUERY_KEY_RETURN_URL];
            if (!String.IsNullOrEmpty(returnUrl))
            {
                if (User.Identity.IsAuthenticated)
                {
                    SetErrorMessage("提示：您没有足够的权限来执行刚才的操作。");
                    login_to_default_page_next_time = true;
                }
                else
                {
                    SetErrorMessage("提示：您尚未登录，或者会话已经过期。");
                }
            }
            else
            {
                if (User.Identity.IsAuthenticated)
                {
                    Response.Redirect(DEFAULT_PAGE);
                }
                else
                {
                    SetInfoMessage("提示：请输入您的用户名和密码进行登录。");
                }
            }
        }

        protected void btnLogin_Click(object sender, EventArgs e)
        {
            String userName = txtUserName.Text;
            String password = txtPassword.Text;

            String message = null;
            do
            {
                // Do some checking first
                if (String.IsNullOrEmpty(userName) || String.IsNullOrEmpty(password))
                {
                    message = "提示：请同时提供您的用户名和密码。";
                    break;
                }

                bool isUserExisted;
                UserSystem us = new UserSystem();
                us.CheckUser(userName, out isUserExisted);

                bool isAccessExisted;
                AccessSystem acs = new AccessSystem();
                acs.CheckAccount(userName, out isAccessExisted);

                if (!isUserExisted && !isAccessExisted)
                {
                    message = "提示：您输入的用户名不存在。";
                    break;
                }

                bool isUserVerified = false;
                if(isUserExisted)   
                   isUserVerified = us.VerifyPassword(userName, password);

                bool isAccountVerified = false;
                if(isAccessExisted)
                    isAccountVerified = acs.VerifyAccessCode(userName, password);

                if (!isUserVerified && !isAccountVerified)
                {
                    message = "提示：您输入的用户名和密码不匹配。";
                    break;
                }

                if (isUserVerified)
                {

                    // Login
                    Users.UsersRow user = us.GetUserByUserName(userName);
                    AuthManager.UserLogin(userName, us.GetUserRoles(userName));

                    // Update user
                    us.UserLogin(userName, Request.UserHostAddress);

                    // Redirect
                    String redirectUrl;
                    if (login_to_default_page_next_time)
                    {
                        redirectUrl = DEFAULT_PAGE;
                        login_to_default_page_next_time = false;
                    }
                    else
                    {
                        redirectUrl = Request.QueryString[QUERY_KEY_RETURN_URL];
                        if (String.IsNullOrEmpty(redirectUrl))
                        {
                            redirectUrl = DEFAULT_PAGE;
                        }
                    }
                    Response.Redirect(redirectUrl);
                }
                else if (isAccountVerified)
                {
                    //login???
                    Response.Redirect("~/Auth/Student/ApplicationDetail.aspx");
                }
                
            }
            while (false);

            SetErrorMessage(message);
        }
    }
}
